Patching Security Flaws: Hotel Master Keys, Amazon Alexa Eavesdropping

Security researchers have recently revealed major security flaws that could have affected many hotel guests and users of Amazon’s Alexa-enabled products, but both issues now appear to be fixed.

Researchers at F-Secure discovered a flaw that allowed them to take any electronic hotel keycard — including cards that were already used or discarded — and use its data to create a master key able “to open any room in the building.”

The software — Vision by VingCard — is “used to secure millions of hotel rooms worldwide.” The world’s largest lock manufacturer, Assa Abloy, has issued software updates to fix the issue, F-Secure says.

This would understandably be a major concern, but it seems unlikely that such an attack has actually occurred in recent years. It took years for researchers to develop the attack, and F-Secure’s Tomi Tuominen also noted, “We don’t know of anyone else performing this particular attack in the wild right now.”

A Spying Skill

Meanwhile, researchers at Checkmarx have revealed they set out to develop a skill that could turn an Alexa-enabled Echo device into a secret recording and transcribing device that could send all information to a malicious hacker.

After successfully developing such an Alexa “skill,” Checkmarx says it “disclosed this attack scenario to Amazon Lab126 and worked closely with their team to mitigate the risk.”

An Amazon spokesperson told Gizmodo, “We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do.”

Lingering Concerns

While it appears that trouble was avoided on both of these occasions, the fixes don’t completely alleviate fears about these devices. It doesn’t seem impossible for a hacker to develop another sort of hotel keycard hack — you should be using your inner locks when you’re in your hotel room, if you haven’t been doing so already.

Amazon’s Alexa still carries its own set of concerns as well. The company’s Echo devices open up a number of intriguing home automation possibilities, but there are still worries about what happens to user voice data. Amazon announced its new Echo Dot Kids Edition on Wednesday.

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Previously, he worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has led to over 15 years of experience as a journalist.
